On November 13, 2019, AWS added a new field EncryptionResponse to the decrypt message response from KMS. This is not documented here as of the filing of this ticket.
As a result, 4.2.0, and 4.2.1 shell cannot work with AWS KMS
- is documented by
DOCS-13231 SERVER-44721: Change in AWS KMS response object breaks shell field level encryption